CVE-2024-47575
Fortinet FortiManager vulnerability analysis and mitigation

Overview

A critical authentication vulnerability (CVE-2024-47575) was discovered in FortiManager's fgfmd daemon that affects multiple versions of FortiManager and FortiManager Cloud. The vulnerability allows remote unauthenticated attackers to execute arbitrary code or commands via specially crafted requests. The issue was disclosed on October 23, 2024, and has been actively exploited in the wild since June 2024 (Fortinet Advisory, Arctic Wolf).

Technical details

The vulnerability (CWE-306: Missing Authentication for Critical Function) affects FortiManager versions 6.2.0 through 7.6.0 and various FortiManager Cloud versions. It received a CVSS v3.1 score of 9.8 (Critical), indicating its severe impact. The vulnerability exists in the FortiManager fgfmd daemon and can be exploited through TCP port 541. The issue stems from improper authentication controls in the FGFM (FortiGate-to-FortiManager) protocol implementation (Fortinet Advisory, WatchTowr Labs).

Impact

Successful exploitation allows attackers to execute arbitrary code or commands on affected FortiManager systems. The primary impact observed in the wild has been the automated exfiltration of sensitive files containing IPs, credentials, and configurations of managed devices. While there have been no confirmed reports of malware installation or backdoors, the compromise could potentially affect all devices managed by the FortiManager instance (Fortinet Advisory).

Mitigation and workarounds

Fortinet has released patches for affected versions and recommends upgrading to the fixed versions: 7.6.1 or above, 7.4.5 or above, 7.2.8 or above, 7.0.13 or above, 6.4.15 or above, and 6.2.13 or above. For FortiManager Cloud, users should upgrade to the latest fixed versions or migrate to a fixed release. Alternative workarounds include enabling fgfm-deny-unknown, implementing local-in policies to whitelist authorized FortiGate IP addresses, and using custom certificates. Organizations should also change all credentials of managed devices as a precautionary measure (Fortinet Advisory).
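As an added illustration, not taken from the Fortinet advisory or the Wiz page itself, the two CLI workarounds above as they would be entered on a FortiManager console. The 192.0.2.0/24 range is a placeholder for the organization's own FortiGate addresses and the policy IDs are arbitrary.

```text
# 1. Refuse FGFM sessions from devices whose serial numbers are not
#    already registered with this FortiManager.
config system global
    set fgfm-deny-unknown enable
end

# 2. Restrict TCP/541 (the fgfmd listener) at the local-in layer:
#    accept only the known FortiGate range, drop everything else.
#    192.0.2.0/24 is a placeholder; substitute your managed devices' addresses.
config system local-in-policy
    edit 1
        set action accept
        set dport 541
        set src 192.0.2.0/24
    next
    edit 2
        set action drop
        set dport 541
    next
end
```

Policies are evaluated in order, so the accept rule for known devices must precede the catch-all drop; after applying either workaround, verify that existing managed FortiGates still show as connected before rotating their credentials.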

Community reactions

The vulnerability has received significant attention from the security community, with multiple security firms publishing detailed analyses. Mandiant and Fortinet conducted webinars to discuss the vulnerability's impact and mitigation strategies. Security researchers have expressed concerns about the patch quality and potential incomplete fixes (WatchTowr Labs).
